[release-announce] cinder 21.1.0 (zed)

no-reply at openstack.org no-reply at openstack.org
Thu Jan 26 12:11:15 UTC 2023 

We are overjoyed to announce the release of:

cinder 21.1.0: OpenStack Block Storage

This release is part of the zed stable release series.

The source is available from:

    https://opendev.org/openstack/cinder

Download the package from:

    https://tarballs.openstack.org/cinder/

Please report issues through:

    https://bugs.launchpad.net/cinder/+bugs

For more details, please see below.

21.1.0
^^^^^^


Upgrade Notes
*************

* This release introduces a new configuration option,
  "vmdk_allowed_types", that specifies the list of VMDK image
  subformats that Cinder will allow.  The default setting allows only
  the 'streamOptimized' and 'monolithicSparse' subformats, which do
  not use named extents.


Security Issues
***************

* This release introduces a new configuration option,
  "vmdk_allowed_types", that specifies the list of VMDK image
  subformats that Cinder will allow in order to prevent exposure of
  host information by modifying the named extents in a VMDK image. The
  default setting allows only the 'streamOptimized' and
  'monolithicSparse' subformats, which do not use named extents.

* As part of the fix for Bug #1996188
  (https://bugs.launchpad.net/cinder/+bug/1996188), cinder is now more
  strict in checking that the "disk_format" recorded for an image (as
  revealed by the Image Service API image-show response) matches what
  cinder detects when it downloads the image.  Thus, some requests to
  create a volume from a source image that had previously succeeded
  may fail with an "ImageUnacceptable" error.


Bug Fixes
*********

* Bug #1996188 (https://bugs.launchpad.net/cinder/+bug/1996188):
  Fixed issue where a VMDK image file whose createType allowed named
  extents could expose host information.  This change introduces a new
  configuration option, "vmdk_allowed_types", that specifies the list
  of VMDK image subformats that Cinder will allow.  The default
  setting allows only the 'streamOptimized' and 'monolithicSparse'
  subformats.

Changes in cinder 21.0.0..21.1.0
--------------------------------

11b0f97a0 Use the json format output of qemu-img info
ba37dc2ea Check VMDK subformat against an allowed list


Diffstat (except docs and test files)
-------------------------------------

cinder/image/image_utils.py                        | 193 ++++++++--
cinder/volume/flows/manager/create_volume.py       |   4 +-
...vmdk-subformat-allow-list-93e6943d9a486d11.yaml |  33 ++
6 files changed, 764 insertions(+), 218 deletions(-)

More information about the Release-announce mailing list